RealTime IT News

Unisys to Blame For DHS Insecurity?

Something is amiss in the network of the Department of Homeland Security (DHS), and a U.S. congressman is implicating Unisys in security failures stemming from alleged intrusions into the department's servers.

Rep. Bennie G. Thompson (D-Miss.), chairman of the Committee on Homeland Security, urged DHS Inspector General Richard Skinner in a Sept. 21 letter to investigate hundreds of instances in which Thompson claims hackers compromised the department's systems. If true, the allegations bode poorly for Unisys, the department's security contractor since 2003.

Furthermore, Thompson claims that Unisys itself may be responsible at least in part for the security failures.

"Over the previous five months, the House Committee on Homeland Security has investigated the information technology security posture at the Department of Homeland Security," Thompson wrote to Richard Skinner, inspector general at DHS. "The results of our investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks."

Thompson said DHS experienced 844 cyber security incidents during 2005 and 2006, adding that hackers compromised dozens of DHS computers and "exfiltrated" information from to a Web hosting service that connects to Chinese Web sites.

Thompson also alleged that contractors provided inaccurate and misleading information to DHS about the attacks in question, attempting instead to hide gaps in their capabilities.

In a statement responding to the story, Unisys denied allegations that it did not properly install essential security systems. The company argued instead that it followed proper security protocols and that it reported to DHS any incidents that might have occurred.

"Unisys has provided DHS with government-certified and accredited security programs and systems, which were in place throughout the period in question in 2006 and remain so today," the company's statement read. "We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customer's security requirements."